Journal : Progresif: Jurnal Ilmiah Komputer

Security Assessment of Open-Source Village Governance Systems: A Case Study of OpenSID
Authors: Ikhsan Fanani; Nana Sujana; Muhamad Hilmansyah Susanta
Progresif: Jurnal Ilmiah Komputer Vol 22, No 1 (2026): Januari
Publisher : STMIK Banjarbaru

DOI: 10.35889/progresif.v22i1.3560

Abstract

Indonesia's OpenSID platform manages sensitive citizen data across thousands of rural administrative units, yet no empirical security assessment of it exists in the academic literature. This study addresses that gap with a security evaluation combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA), with findings mapped to the OWASP Top 10 and scored using CVSS v3.1. The analysis produced 402 raw findings, of which 170 (42.3%) were confirmed as true positives after manual validation. Broken Access Control (105 findings) and Injection (26 findings) were the predominant categories, and seven issues were rated Critical or High, including a path traversal flaw and dependencies with known CVEs. The 57.7% false positive rate underlines that automated scanning must be paired with manual validation. This research provides the first structured security audit of Indonesian governance software and recommends adopting GitHub-native security tooling and a formal vulnerability disclosure policy.

Keywords: OpenSID; Security Assessment; OWASP Top 10; Static Application Security Testing; Village Information System